I'm working on an aimbot for UT 2003, it's working but the problem is that it also aims at allies. So I would need to find the info which are enemies and which are allies. I think the info should be stored in the player struct (can you confirm this L. Spiro?). First I thought I'd try changing the team and searching for differences, but the player is killed every time I change team so the struct is also destroyed, and the data moves. I have tried to search the player structure for values like 1 or 2 but I haven't been able to find anything. Any tips on how to continue?

Pretty sure it is just a number indicating on which team the player is. Save two players from different teams to a binary file and compare them for single bytes that are low enough to be a team index (for 2 teams, one will be 0 and one will be 1).

I've been trying to compare my own player's structure to the enemy's structure using a simple C program. First I calculate the addresses where the structures start (this works), then I copy the structures into arrays: (beginning and beginning2 are the addresses where the structures begin.)

If you weren't sure then it was an excellent guess. I managed to confirm (yesterday night about 1 am) that it indeed is a byte that is 0 when on the red team and 1 when on the blue team. I found it only for the player itself, though. And it was quite far from where I was looking for it. Freezing or changing it doesn't affect anything, though, and I think that suggests that it's not actually the right one. I'm guessing it's related to that the player is different and has the same info stored in other places, too. I'm just guessing, though.

That is a great idea. I will probably try that today.

I'm a bit confused about how the game stores the values right now. Because I assumed that the team-byte should be located in the same structure as the hp and the coordinates but this doesn't seem to be the case. Could it be that it's not stored in the structure of the player but it is stored in the structures of the enemies/teammates? Or could there be more than one structure for each player? Or maybe there is one structure and additional variables or arrays or something...

If there are a bunch of team properties that would be the same for every player on that team, instead of replicating all that data for each player it would be simpler to make one team-data structure and give each player a pointer to that structure.

That sounded reasonable so I decided to test it. I made a program that reads the structures of 10 enemies into an array, compares the values and then displays the results. I read the values as int (4 bytes) because I was looking for an address after all. I also made it only print values that are greater than 0x100000 to reduce the number of hits (don't know how safe that was). Still I get over 100 hits, though. Would you happen to have any tricks to reduce the number of hits (can't add bots anymore)?

This is assuming DLL injection is used to check addresses. If you are reading the process remotely, use ::ReadProcessMemory() instead of indirection ((*reinterpret_cast<UINT_PTR *>(pvAddress))) and use ::ReadProcessMemory() instead of ::IsBadReadPtr() to check if the area of RAM where the pointer points is valid (if it fails then the pointer points to an invalid location).

OK, I changed "int" to "UINT_PTR" and added those checks. They dropped the results from over a hundred to 39 (which is still a bit much but way better than before). I already have an idea, though. I will post here if it doesn't lead anywhere. Thanks for the help.

Ok, so now it's time to post again. I had limited the possibilities to 39 addresses but there were still too many to go through all of them manually. So I compared the addresses with the ones that are in my player's own structure since all the bots were enemies, and looked for addresses that were different. Now I had 5 left so I started going through them manually. However, none of them were pointing to any team structures since they were always pointing at the same location for bots, no matter which team they were on (tested this). Do you think it's possible that comparing the bots' structures to the player's structure could mess things up or does it mean that such a pointer doesn't exist?

Next I thought I could try just comparing bytes in the structures again. I should have found the address already if it's stored that way in the structure but I'm running out of ideas...

If you have a look on the NoCoolDown topic I've made for cabal, maybe it helps you find it out.

What I've done was finding the actual skill (in your case, the team) structure. After finding the team structure, I just followed the opposite direction, looking for pointers for that address range successively until I got to a static address. You probably will stop by a dynamically allocated structure which is one player's structure, until you get to a static list of addresses to player structures.